From: Tycho Andersen
To: Alexander Viro, Christian Brauner, Jan Kara, Eric Biederman, Kees Cook
Cc: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Tycho Andersen, Tycho Andersen, Zbigniew Jędrzejewski-Szmek, Aleksa Sarai
Subject: [PATCH v2 1/2] exec: add a flag for "reasonable" execveat() comm
Date: Fri, 27 Sep 2024 09:17:45 -0600
Message-Id: <20240927151746.391931-1-tycho@tycho.pizza>

From: Tycho Andersen

Zbigniew mentioned at Linux Plumber's that systemd is interested in
switching to execveat() for service execution, but can't, because the
contents of /proc/pid/comm are the file descriptor which was used,
instead of the path to the binary. This makes the output of tools like
top and ps useless, especially in a world where most fds are opened
CLOEXEC so the number is truly meaningless.

Change exec path to fix up /proc/pid/comm in the case where we have
allocated one of these synthetic paths in bprm_init(). This way the actual
exec machinery is unchanged, but cosmetically the comm looks reasonable to
admins investigating things.

Signed-off-by: Tycho Andersen
Suggested-by: Zbigniew Jędrzejewski-Szmek
CC: Aleksa Sarai
Link: https://github.com/uapi-group/kernel-features#set-comm-field-before-exec
---
v2: * drop the flag, everyone :)
    * change the rendered value to f_path.dentry->d_name.name instead of
      argv[0], Eric
---
 fs/exec.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

base-commit: baeb9a7d8b60b021d907127509c44507539c15e5
diff --git a/fs/exec.c b/fs/exec.c index dad402d55681..9520359a8dcc 100644 --- a/fs/exec.c +++ b/fs/exec.c
@@ -1416,7 +1416,18 @@ int begin_new_exec(struct linux_binprm * bprm) set_dumpable(current->mm, SUID_DUMP_USER); perf_event_exec(); - __set_task_comm(me, kbasename(bprm->filename), true); + + /* + * If fdpath was set, execveat() made up a path that will + * probably not be useful to admins running ps or similar. + * Let's fix it up to be something reasonable. + */ + if (bprm->fdpath) { + BUILD_BUG_ON(TASK_COMM_LEN > DNAME_INLINE_LEN); + __set_task_comm(me, bprm->file->f_path.dentry->d_name.name, true); + } else { + __set_task_comm(me, kbasename(bprm->filename), true); + } /* An exec changes our domain. We are no longer part of the thread group */
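
Review bot: in the new if (bprm->fdpath) branch, __set_task_comm() is handed bprm->file->f_path.dentry->d_name.name directly, and nothing visible in the hunk (no d_lock, no RCU read section, no name snapshot) keeps that name stable while it is copied, so a concurrent rename of the file can change it underneath the copy. Take a stable copy first, for example with take_dentry_name_snapshot() and release_dentry_name_snapshot(), or hold rcu_read_lock() around the read. The BUILD_BUG_ON(TASK_COMM_LEN > DNAME_INLINE_LEN) would also benefit from a one-line comment saying which property of the copy it is meant to guarantee, and the subject still says "add a flag" although the v2 notes say the flag was dropped.
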
From: Tycho Andersen
To: Alexander Viro, Christian Brauner, Jan Kara, Eric Biederman, Kees Cook
Cc: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Tycho Andersen, Tycho Andersen
Subject: [PATCH v2 2/2] selftests/exec: add a test to enforce execveat()'s comm
Date: Fri, 27 Sep 2024 09:17:46 -0600
Message-Id: <20240927151746.391931-2-tycho@tycho.pizza>
In-Reply-To: <20240927151746.391931-1-tycho@tycho.pizza>
References: <20240927151746.391931-1-tycho@tycho.pizza>

From: Tycho Andersen

We want to ensure that /proc/self/comm stays useful for execveat() callers.

Signed-off-by: Tycho Andersen
---
 tools/testing/selftests/exec/execveat.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/tools/testing/selftests/exec/execveat.c b/tools/testing/selftests/exec/execveat.c index 071e03532cba..091029f4ca9b 100644 --- a/tools/testing/selftests/exec/execveat.c +++ b/tools/testing/selftests/exec/execveat.c @@ -419,6 +419,9 @@ int main(int argc, char **argv) if (argc >= 2) { /* If we are invoked with an argument, don't run tests. */ const char *in_test = getenv("IN_TEST"); + /* TASK_COMM_LEN == 16 */ + char buf[32]; + int fd; if (verbose) { ksft_print_msg("invoked with:\n"); @@ -432,6 +435,28 @@ int main(int argc, char **argv) return 1; } + fd = open("/proc/self/comm", O_RDONLY); + if (fd < 0) { + perror("open comm"); + return 1; + } + + if (read(fd, buf, sizeof(buf)) < 0) { + close(fd); + perror("read comm"); + return 1; + } + close(fd); + + /* + * /proc/self/comm should fail to convert to an integer, i.e. + * atoi() should return 0. + */ + if (atoi(buf) != 0) { + ksft_print_msg("bad /proc/self/comm: %s", buf); + return 1; + } + /* Use the final argument as an exit code. */ rc = atoi(argv[argc - 1]); exit(rc);
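
Review bot: in the second hunk (@@ -432,6 +435,28 @@), buf is never NUL-terminated before atoi(buf) and the "%s" in ksft_print_msg() consume it: read(fd, buf, sizeof(buf)) fills only part of the uninitialized char buf[32] declared in the first hunk and its byte count is discarded, so both calls can run into stack garbage. Keep the return value, read at most sizeof(buf) - 1 bytes and store '\0' at that offset. The atoi(buf) != 0 check is also a weak assertion: it passes when comm is "0" and fails for a legitimate binary whose name starts with a non-zero digit. Comparing buf against the expected file name would test what the commit message asks for, namely that comm stays useful.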